CVE-2024-30595 identifies a critical stack overflow vulnerability in the Tenda FH1202 router firmware version 1.2.0.14(408). The vulnerability resides in the addWifiMacFilter function, specifically in the handling of the deviceId parameter. A stack overflow occurs when the input to this parameter exceeds expected bounds, allowing an attacker to overwrite the stack memory. This can lead to arbitrary code execution, enabling full control over the device, or cause a denial of service by crashing the router. The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score of 9.8 reflects its critical nature, with attack vector being network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact affects confidentiality, integrity, and availability (C:H/I:H/A:H). The weakness is classified under CWE-121 (Stack-based Buffer Overflow), a common and dangerous software flaw. No patches or exploit code are currently publicly available, but the vulnerability's characteristics make it a prime target for attackers once weaponized. The affected device is a consumer-grade router commonly used in home and small office environments, which may lack robust security controls, increasing the risk of exploitation.

The impact of CVE-2024-30595 is severe for organizations and individuals using the Tenda FH1202 router. Successful exploitation can lead to complete compromise of the device, allowing attackers to intercept, modify, or disrupt network traffic, potentially pivoting to internal networks. Confidential data confidentiality and integrity can be breached, and availability can be disrupted through denial of service. This can result in loss of sensitive information, unauthorized network access, and operational downtime. The vulnerability's remote, unauthenticated exploitability increases the attack surface, especially for devices exposed to the internet or untrusted networks. Small businesses and home users relying on this router model may lack the resources to detect or respond to such attacks, amplifying the risk. Additionally, compromised routers can be leveraged as part of botnets or for launching further attacks, impacting broader network ecosystems.

1. Immediately isolate affected Tenda FH1202 routers from untrusted networks, especially the internet, to reduce exposure. 2. Disable remote management interfaces and services on the router to prevent external exploitation. 3. Implement network segmentation to limit the router's access to critical internal resources. 4. Monitor network traffic for unusual patterns or signs of compromise, such as unexpected outbound connections or device instability. 5. Regularly check for firmware updates or security advisories from Tenda and apply patches promptly once available. 6. If patching is delayed, consider replacing affected devices with models from vendors with a stronger security track record. 7. Employ intrusion detection/prevention systems (IDS/IPS) to detect exploitation attempts targeting this vulnerability. 8. Educate users about the risks of using outdated router firmware and encourage best practices for device security. These steps go beyond generic advice by focusing on immediate exposure reduction and proactive monitoring until official patches are released.